From c4fbc450e36439b62b824ff03fc0c32e199f1ccd Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Fri, 19 Jan 2024 06:44:41 -0500
Subject: [PATCH] Allow unconfined_r to transition to container_user_r

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 container.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/container.te b/container.te
index 51c55a5..61ca5f4 100644
--- a/container.te
+++ b/container.te
@@ -1532,6 +1532,9 @@ role container_user_r types container_user_domain;
 role container_user_r types container_net_domain;
 role container_user_r types container_file_type;
 container_runtime_run(container_user_t, container_user_r)
+unconfined_role_change_to(container_user_r)
+
+container_use_ptys(container_user_t)
 
 fs_manage_cgroup_dirs(container_user_t)
 fs_manage_cgroup_files(container_user_t)